User`s guide
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers
514
AlterPath OnSite Administrator’s and User’s Guide
• timeout:
The timeout (in seconds) for a
TACACS+
authentication query to be
answered.
• retries: Defines the number of times a TACACS+ server is tried
before another is contacted. The first server authhost1 is tried for the
specified number of times, before the second authhost2, if configured, is
contacted and tried for the specified number of times. If the second server
fails to respond or if no second server is configured, TACACS+
authentication fails.
T To Configure a TACACS+ Authentication
Server on the Command Line
1. On the OnSite, edit the following parameters in the /etc/
tacplus.conf file, changing the values as described under
“Configuring a TACACS+ Authentication Server on the Command Line”
on page 513.
Note: If configuring group access on the TACACS+ authentication server,
service must be defined as raccess.
2. Save and quit the file.
Configuring Groups for RADIUS
The following list defines the values that to define when configuring a
RADIUS authentication server on the OnSite.
• auth1 server[:port] secret [timeout] [retries]
• acct1 server[:port] secret [timeout] [retries]
authhost1=TACACS+_authentication_server_IP
accthost1=TACACS+_accounting_server_IP
secret=secret
encrypt=1
service=raccess
protocol=lcp
timeout=10
retries=2